package com.example.demo.controller;

import com.example.demo.mapper.UserMapper;
import com.google.code.kaptcha.Constants;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;

@RestController
public class LoginController {
    @Autowired
    private UserMapper userMapper;

    @RequestMapping(value = "/notLogin", method = RequestMethod.GET)
    public Map notLogin() {
        HashMap<String, String> map = new HashMap<>();
        map.put("info", "尚未登录");
        return map;
    }

    @RequestMapping(value = "/notRole", method = RequestMethod.GET)
    public Map notRole() {
        HashMap<String, String> map = new HashMap<>();
        map.put("info", "您没有权限");
        return map;
    }

    @RequestMapping(value = "/notPermission", method = RequestMethod.GET)
    public Map notPermission() {
        HashMap<String, String> map = new HashMap<>();
        map.put("info", "您角色下的权限不够");
        return map;
    }

    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    public Map logout() {
        Subject subject = SecurityUtils.getSubject();
        //注销
        subject.logout();
        HashMap<String, String> map = new HashMap<>();
        map.put("info", "成功注销");
        return map;
    }

    /**
     * 登陆
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public Map login(@RequestBody Map<String, String> requestMap, HttpServletRequest httpServletRequest) {
        HashMap<String, String> map = new HashMap<>();
        String username = requestMap.get("username");
        String password = requestMap.get("password");
        String code = requestMap.get("code");
        if (!code.equals(httpServletRequest.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY))) {
            map.put("info", "验证码错误");
            return map;
        }
        // 从SecurityUtils里边创建一个 subject
        Subject subject = SecurityUtils.getSubject();
        subject.getSession().setTimeout(30 * 60 * 1000);
        // 在认证提交前准备 token（令牌）
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        // 执行认证登陆
        subject.login(token);
        //根据权限，指定返回数据
        String role = userMapper.getRole(username);
        if ("user".equals(role)) {
            map.put("info", "欢迎登陆");
            return map;
        }
        if ("admin".equals(role)) {
            map.put("info", "欢迎来到管理员页面");
            return map;
        }
        map.put("info", "权限错误");
        return map;
    }
}
